
Install4j Mac OSx signing


I signed a single-bundle installer app for Mac (.dmg) using a Developer ID Application certificate .p12 key file. I get no complaints from install4j 5.1.12 during the build; it asks me for my password and outputs that the application is signed.

Creating media file 'Mac OS X Single Bundle':
  Collecting files:
  Compiling launchers:
    Compiling launcher 'MyTestApp':
      Generating VM options file vmoptions.txt.
  Creating media file: 
    Zipping custom code & resources JAR file
    Identifying components
    Adding JRE (macosx-amd64-1.7.0_65)
    Shrinking runtime
    Compressing files
    Applying LZMA compression
    Generating VM options file vmoptions.txt.
    Signing installer
  Moving media files to media directory C:\..
  Installer\Installer\Build
  The name of the media file is MyTestApp.dmg.
  The size of the media file is 34.4 MB

When I host that application on an IIS web server and the client downloads it and tries to install it, he gets an error from Mac Gatekeeper that the application is not safe, and it does not let him install it. When I run codesign -dvvv on the app on the Mac, I get information about the application signatures that looks normal to me. At this point I have no idea why it's not passing Gatekeeper. Any help will be appreciated.

$ codesign -dvvv MyTestApp.app
Executable=MyTestApp
Installer.app/Contents/MacOS/JavaApplicationStub
Identifier=com.install4j.4414-4382-9884-2117.347
Format=bundle with Mach-O thin (x86_64)
CodeDirectory v=20100 size=626 flags=0x0(none) hashes=24+3 location=embedded
Hash type=sha1 size=20
CDHash=27fe7393db936790d050c78d09bb9a6e489f10d6
Signature size=4241
Authority=Developer ID Application: Zee, Inc. (KZ254T2RPN)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Signed Time=Sep 16, 2014, 2:25:12 PM
Info.plist entries=25
TeamIdentifier=not set
Sealed Resources version=1 rules=4 files=20
Internal requirements count=1 size=36

Solution

  • Since Mac OS 10.9.5 you need a v2 signature, otherwise it's rejected by Gatekeeper. You can see that in the line

    Sealed Resources version=1 rules=4 files=20
    

    It should say "version 2" there. Recompile with install4j 5.1.13 or later, then the signature will be accepted.

    For more information see here.
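
Added example (not part of the original answer): a shell check for the line the answer points at. It reads `codesign -dvvv` output on stdin and reports whether the resource seal is version 1 or version 2; the function names are hypothetical and the sample lines are copied from the question's output.

```shell
#!/bin/sh
# Lines copied from the codesign output in the question (a version 1 seal).
SAMPLE_V1='Signature size=4241
Authority=Developer ID Application: Zee, Inc. (KZ254T2RPN)
Sealed Resources version=1 rules=4 files=20
Internal requirements count=1 size=36'

# Print the number from the first "Sealed Resources version=N ..." line.
# Prints nothing when the report has no such line.
sealed_resources_version() {
    sed -n 's/^Sealed Resources version=\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Classify a codesign report read from stdin.
# Return codes: 0 = version 2 or later
#               1 = version 1 (rejected by Gatekeeper since 10.9.5, per the answer)
#               2 = no "Sealed Resources version=" line in the input
check_signature_version() {
    ver=$(sealed_resources_version)
    if [ -z "$ver" ]; then
        echo "no sealed-resources version found in codesign output"
        return 2
    fi
    if [ "$ver" -ge 2 ]; then
        echo "v$ver signature"
        return 0
    fi
    echo "v$ver signature: rebuild so the bundle gets a version 2 seal"
    return 1
}

# On a Mac, codesign writes this report to stderr, so redirect it into the pipe:
#   codesign -dvvv MyTestApp.app 2>&1 | check_signature_version
# Demonstration on the sample above:
printf '%s\n' "$SAMPLE_V1" | check_signature_version || true
```

The non-zero return code makes this usable as a post-build gate, so a version 1 seal is caught before the installer is published.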